-Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca
+Subproject commit bac40922e4043c632e1a8a5fe1531a640cbfe6c2
#!/bin/bash
+{{/*
# Copyright © 2020 Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
CERTS_DIR=${CERTS_DIR:-/certs}
WORK_DIR=${WORK_DIR:-/updatedTruststore}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
aaf-add-config.sh: |
- {{ tpl .Values.aaf_add_config . | indent 4 }}
+ {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
{{- end }}
+{{- define "ingress.config.host" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
{{- define "ingress.config.port" -}}
+{{- $dot := default . .dot -}}
{{- if .Values.ingress -}}
{{- if .Values.global.ingress -}}
{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
- http:
paths:
{{- range .Values.ingress.service }}
- - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
backend:
serviceName: {{ .name }}
servicePort: {{ .port }}
{{- end -}}
{{- else if .Values.ingress.service -}}
-{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}}
{{ range .Values.ingress.service }}
- - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
paths:
- backend:
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
+{{- end -}}
+{{- if .Values.ingress.config -}}
+{{- if .Values.ingress.config.tls -}}
+{{- $dot := default . .dot -}}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+ secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
# See the License for the specific language governing permissions and
# limitations under the License.
-
#################################################################
# Global configuration defaults.
#################################################################
##
replicaCount: 3
## master acts as master only node, choose 'no' if no further data nodes are deployed)
-dedicatednode: "yes"
+dedicatednode: 'yes'
## dedicatednode: "no"
image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
- limits: {}
+ limits:
+ cpu: 250m
+ memory: 1536Mi
# cpu: 100m
# memory: 128Mi
requests:
- cpu: 25m
- memory: 256Mi
+ cpu: 5m
+ memory: 310Mi
## Elasticsearch master-eligible container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Service parameters for master-eligible node(s)
##
service:
- suffix: "service"
- name: ""
+ suffix: 'service'
+ name: ''
## list of ports for "common.containerPorts"
## Elasticsearch transport port
ports:
- - name: http-transport
- port: 9300
+ - name: http-transport
+ port: 9300
## master-eligible service type
##
type: ClusterIP
## If not set and create is true, a name is generated using the fullname template
# name:
-
## Elasticsearch cluster name
##
clusterName: elastic-cluster
-
-
-
#!/bin/bash
+{{/*
#
# Adfinis SyGroup AG
# openshift-mariadb-galera: mysql setup script
#
+*/}}
set -eox pipefail
#!/bin/bash
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# make sure the script fails if any of commands failed
set -e
#!/bin/bash
+{{/*
#
# ============LICENSE_START==========================================
# org.onap.music
#
# ============LICENSE_END=============================================
# ====================================================================
+*/}}
echo "Running startup script to get password from certman"
PWFILE=/opt/app/aafcertman/.password
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
ingress:
enabled: false
-resources: {}
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 25Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
name: consul-agent-scripts-config
- mountPath: /consul/certs
name: consul-agent-certs-config
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- configMap:
name: {{ include "common.fullname" . }}-configmap
port: 8800
config:
ssl: "none"
-
-resources: {}
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1500Mi
+ requests:
+ cpu: 650m
+ memory: 530Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
odl:
jolokia:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ # in order to enable static password for so-monitoring uncomment:
+ # so-monitoring:
+ # server:
+ # monitoring:
+ # password: demo123456!
+
# configure embedded mariadb
mariadb:
config:
\r
## App DB Properties\r
spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=root\r
-spring.datasource.password=Aa123456\r
+spring.datasource.username=${PORTAL_DB_USER}\r
+spring.datasource.password=${PORTAL_DB_PASSWORD}\r
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
spring.database.driver.classname=org.mariadb.jdbc.Driver\r
spring.jpa.show-sql=false\r
spring.jpa.properties.hibernate.format_sql=false\r
\r
## Basic Authentication Properties\r
-security.user.name=widget_user\r
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)\r
+security.user.name=${WIDGET_USER}\r
+security.user.password=${WIDGET_PASSWORD}\r
\r
initialization.default.widgets=true\r
initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
\r
## Account Basic Authentication Properties\r
-account.user.name=portal\r
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==\r
+account.user.name=${ACC_USER}\r
+account.user.password=${ACC_PASSWORD}\r
\r
## Certificate Properties\r
#server.ssl.key-store=classpath:widget-keystore.p12\r
#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
#server.ssl.keyStoreType=PKCS12\r
#server.ssl.keyAlias=widget-microservice\r
-\r
jasypt:
encryptor:
- password: EncryptionKey
+ password: ${JASYPT_ENC_KEY}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-widget-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.*`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ - name: WIDGET_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+ - name: WIDGET_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+ - name: ACC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+ - name: ACC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+ - name: JASYPT_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapwidgetms-scrubbed
+ - mountPath: /config
+ name: properties-onapwidgetms
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
hostPath:
path: /etc/localtime
- name: properties-onapwidgetms
+ emptyDir:
+ medium: Memory
+ - name: properties-onapwidgetms-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapwidgetms
defaultMode: 0755
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInit: ubuntu-init:1.0.0
+ envsubstImage: dibi/envsubst
+
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: portal-widget
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
+ login: '{{ .Values.config.widgetUsername }}'
+ password: '{{ .Values.config.widgetPassword }}'
+ passwordPolicy: required
+ - uid: portal-account
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
+ login: '{{ .Values.config.accountUsername }}'
+ password: '{{ .Values.config.accountPassword }}'
+ passwordPolicy: required
+ - uid: jasypt-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
+ password: '{{ .Values.config.jasyptEncKey }}'
+ passwordPolicy: required
+
+config:
+ widgetUsername: widget_user
+ widgetPassword: widget_pass
+# widgetCredsExternalSecret: some secret
+ accountUsername: portal
+ accountPassword: portal
+# accountCredsExternalSecret: some secret
+ jasyptEncKey: EncryptionKey
+ # jasyptEncKeyExternalSecret: some secret
#################################################################
# Application configuration defaults.
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
service:
type: ClusterIP
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: config-input
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
mso:
logPath: ./logs/soappcorch
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.global.app.msoKey }}
+ msoKey: {{ .Values.mso.msoKey }}
config:
{{ if .Values.global.security.aaf.enabled }}
cadi: {{ include "so.cadi.keys" . | nindent 8}}
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
security:
aaf:
enabled: false
- app:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+
#################################################################
# Secrets metaconfig
#################################################################
adminName: so_admin
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+
server:
actuator:
username: mso_admin
name: so-appc-orchestrator
type: ClusterIP
ports:
- - port: *containerPort
- name: http
+ - port: *containerPort
+ name: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
# Resource Limit flavor -By Default using small
flavor: small
-
#################################################################
# soHelper part
#################################################################
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
mso:
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
basicUser: poBpmn
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
appc:
client:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
vnf:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs
volume-groups:
rest:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
-
-
#################################################################
# Application configuration defaults.
#################################################################
sniro:
endpoint: http://replaceme:28090/optimizationInstance/V1/create
+vnf:
+ api:
+ version: v2
+
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8081
apiEnforcement: org.onap.so.bpmnPerm
containerPort: *containerPort
-
# Resource Limit flavor -By Default using small
flavor: large
# Segregation for Different environment (Small and Large)
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
tomcat:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.7.1"
+description: A Helm chart for Kubernetes
+name: so-cnf-adapter
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/cnf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-encrypter
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
+ env:
+ - name: AAI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
+ - name: AAI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
+ image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /output
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
+ export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
+ export AAI_AUTH=$(cat /input/.aai_creds)
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: AAF_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readOnly: true
+ - name: encoder
+ mountPath: /input
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: oomk8s/readiness-check:2.2.2
+ soCryptoImage: sdesbure/so_crypto:latest
+ dockerHubRepository: docker.io
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: ${AAF_AUTH}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-cnf-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: '{{ include "common.release" . }}-so-cnf-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
+ - uid: cnf-adapter-mso-key
+ name: '{{ include "common.release" . }}-so-cnf-mso-key'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/mso-cnf-adapter:1.7.1
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ auth: ${AAI_AUTH}
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ # msoKeySecret: some secret
+ adapters:
+ requestDb:
+ auth: ${REQUEST_AUTH}
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8090
+logPath: ./logs/cnf/
+app: cnf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+soHelpers:
+ nameOverride: so-cnf-cert-init
+ certInitializer:
+ nameOverride: so-cnf-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ path: /manage/health
+ port: 8090
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
metadata:
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export TRUSTSTORE="file:/${TRUSTSTORE}"
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
#!/bin/sh
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 Nordix Foundation.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
#!/bin/sh
+{{/*
#
# ============LICENSE_START==========================================
# ===================================================================
# ECOMP and OpenECOMP are trademarks
# and service marks of AT&T Intellectual Property.
#
+*/}}
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+{{/*
# Copyright 2018 © Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.global.migration.enabled }}
apiVersion: batch/v1
kind: Job
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
server:
port: {{ index .Values.containerPort }}
+ {{- if .Values.global.aafEnabled }}
+ ssl:
+ keyStore: ${KEYSTORE}
+ keyStorePassword: ${KEYSTORE_PASSWORD}
+ trustStore: ${TRUSTSTORE}
+ trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- end }}
tomcat:
max-threads: 50
+ {{- if not .Values.global.aafEnabled }}
ssl-enable: false
+ {{- end }}
camunda:
rest:
api:
api:
url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
auth: Basic YnBlbDpwYXNzd29yZDEk
+spring:
+ main:
+ allow-bean-definition-overriding: true
+ security:
+ usercredentials:
+ -
+ username: ${SO_MONITORING_USERNAME}
+ password: ${SO_MONITORING_PASSWORD}
+ role: GUI-Client
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# ================================================================================
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE=file://$cadi_keystore
+ export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+ export TRUSTSTORE=file://$cadi_truststore
+ export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+ {{- end }}
+ /app/start-app.sh
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SO_MONITORING_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+ - name: SO_MON_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
+*/}}
apiVersion: v1
kind: Service
metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ {{if .Values.global.aafEnabled -}}
type: {{ .Values.service.type }}
+ {{- else -}}
+ type: ClusterIP
+ {{- end }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: onap/oom/readiness:3.0.1
aafAgentImage: onap/aaf/aaf_agent:2.1.20
envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: true
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.monitoring.username }}'
+ password: '{{ .Values.server.monitoring.password }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
-#################################################################
-# AAF part
-#################################################################
-soHelpers:
- nameOverride: so-monitoring-cert-init
- certInitializer:
- nameOverride: so-monitoring-cert-init
- credsPath: /opt/app/osaaf/local
-
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
+image: onap/so/so-monitoring:1.7.7
pullPolicy: Always
db:
replicaCount: 1
minReadySeconds: 10
-containerPort: 9091
+containerPort: &containerPort 9091
logPath: app/logs/
app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.monitoringPerm
+ containerPort: *containerPort
+
+server:
+ monitoring:
+ username: demo
+ # password: demo123456!
+ # soMonitoringCredsExternalSecret: some secret
+
service:
#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: ClusterIP
+ type: NodePort
nodePort: 24
- internalPort: 9091
- externalPort: 9091
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-monitor-port
updateStrategy:
type: RollingUpdate
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
name: {{ include "common.fullname" . }}-log
namespace: {{ include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
# will be used as entry in DB to say SITE OFF/ON for healthcheck
+*/}}
server:
port: {{ index .Values.containerPort }}
tomcat:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{.Values.aai.auth}}
server:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ index .Values.containerPort }}
mso:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
metadata:
+{{/*
# Copyright © 2020 Samsung# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
server:
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
logging:
path: logs
spring:
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2019 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -keypass $cadi_truststore_password -noprompt
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate
# Secrets metaconfig
#################################################################
secrets:
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
+ trustStoreAllPass: changeit
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh local showpass
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
- repository: '@local'
+ repository: "@local"
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: "@local"
condition: global.mariadbGalera.localCluster
- name: soHelpers
version: ~6.x-0
- repository: 'file://components/soHelpers'
+ repository: "file://components/soHelpers"
- name: so-appc-orchestrator
version: ~6.x-0
- repository: 'file://components/so-appc-orchestrator'
+ repository: "file://components/so-appc-orchestrator"
condition: so-appc-orchestrator.enabled
- name: so-bpmn-infra
version: ~6.x-0
- repository: 'file://components/so-bpmn-infra'
+ repository: "file://components/so-bpmn-infra"
- name: so-catalog-db-adapter
version: ~6.x-0
- repository: 'file://components/so-catalog-db-adapter'
+ repository: "file://components/so-catalog-db-adapter"
condition: so-catalog-db-adapter.enabled
+ - name: so-cnf-adapter
+ version: ~6.x-0
+ repository: "file://components/so-cnf-adapter"
+ condition: so-cnf-adapter.enabled
- name: so-db-secrets
version: ~6.x-0
- repository: 'file://components/so-db-secrets'
+ repository: "file://components/so-db-secrets"
condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~6.x-0
condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-mariadb
version: ~6.x-0
- repository: 'file://components/so-mariadb'
+ repository: "file://components/so-mariadb"
- name: so-monitoring
version: ~6.x-0
- repository: 'file://components/so-monitoring'
+ repository: "file://components/so-monitoring"
condition: so-monitoring.enabled
- name: so-nssmf-adapter
version: ~6.x-0
- repository: 'file://components/so-nssmf-adapter'
+ repository: "file://components/so-nssmf-adapter"
condition: so-nssmf-adapter.enabled
- name: so-oof-adapter
version: ~6.x-0
condition: so-oof-adapter.enabled
- name: so-openstack-adapter
version: ~6.x-0
- repository: 'file://components/so-openstack-adapter'
+ repository: "file://components/so-openstack-adapter"
condition: so-openstack-adapter.enabled
- name: so-request-db-adapter
version: ~6.x-0
- repository: 'file://components/so-request-db-adapter'
+ repository: "file://components/so-request-db-adapter"
- name: so-sdc-controller
version: ~6.x-0
- repository: 'file://components/so-sdc-controller'
+ repository: "file://components/so-sdc-controller"
- name: so-sdnc-adapter
version: ~6.x-0
- repository: 'file://components/so-sdnc-adapter'
+ repository: "file://components/so-sdnc-adapter"
condition: so-sdnc-adapter.enabled
- name: so-secrets
version: ~6.x-0
- repository: 'file://components/so-secrets'
+ repository: "file://components/so-secrets"
- name: so-ve-vnfm-adapter
version: ~6.x-0
- repository: 'file://components/so-ve-vnfm-adapter'
+ repository: "file://components/so-ve-vnfm-adapter"
condition: so-ve-vnfm-adapter.enabled
- name: so-vfc-adapter
version: ~6.x-0
- repository: 'file://components/so-vfc-adapter'
+ repository: "file://components/so-vfc-adapter"
condition: so-vfc-adapter.enabled
- name: so-vnfm-adapter
version: ~6.x-0
- repository: 'file://components/so-vnfm-adapter'
+ repository: "file://components/so-vnfm-adapter"
condition: so-vnfm-adapter.enabled
#!/bin/sh
+{{/*
# Copyright 2015 AT&T Intellectual Properties
##############################################################################
# Script to initialize the chef-repo branch and.chef
#
##############################################################################
+*/}}
# Copy the certificates
echo 'Copying the *.crt provided in /shared folder'
cp --verbose /shared/*.crt /usr/local/share/ca-certificates
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: {{ .Values.global.app.msoKey }}
+ encryptionKey: {{ .Values.mso.msoKey }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
+{{/*
# Copyright © 2020 Samsung Electronics
# Modifications Copyright © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
truststore: /app/client/org.onap.so.trust.jks
type: generic
filePaths:
- resources/config/certificates/msb-ca.crt
- - uid: "mso-key"
+ - uid: 'mso-key'
name: &mso-key '{{ include "common.release" . }}-mso-key'
type: password
- password: '{{ .Values.global.app.msoKey }}'
+ password: '{{ .Values.mso.msoKey }}'
- uid: mso-oof-auth
name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
type: basicAuth
login: '{{ .Values.mso.oof.login }}'
password: '{{ .Values.mso.oof.password }}'
passwordPolicy: required
+ - uid: server-actuator-creds
+ name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: server-bpel-creds
+ name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
aafConfig:
permission_user: 1000
userName: so_user
adminName: so_admin
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+ bpel:
+ username: bpel
+ password: password1$
+ # bpelCredsExternalSecret: some secret
+
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.6.4
pullPolicy: Always
+
replicaCount: 1
minReadySeconds: 10
+
containerPort: &containerPort 8080
+
logPath: ./logs/apih/
+
app: api-handler-infra
+
service:
type: NodePort
nodePort: 77
internalPort: *containerPort
externalPort: *containerPort
portName: so-apih-port
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
so-appc-orchestrator:
enabled: true
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
db:
<<: *dbSecrets
db:
<<: *dbSecrets
+so-cnf-adapter:
+ enabled: true
+ server:
+ aafCredsExternalSecret: *aaf-secrets
+ aaiCredsExternalSecret: *aai-secrets
+ actuatorCredsExternalSecret: *actuator-secrets
+ mso:
+ msoKeySecret: *mso-key
+
so-etsi-nfvo-ns-lcm:
enabled: true
db:
<<: *dbSecrets
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
so-monitoring:
enabled: true
db:
<<: *dbSecrets
+so-nssmf-adapter:
+ enabled: true
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
+ bpelCredsExternalSecret: *bpel-secrets
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-openstack-adapter:
enabled: true
db:
db:
<<: *dbSecrets
-so-nssmf-adapter:
- enabled: true
- db:
- <<: *dbSecrets
-
-so-oof-adapter:
- enabled: true
- db:
- <<: *dbSecrets
- mso:
- msoKeySecret: *mso-key
- camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
- oof:
- authSecret: *mso-oof-auth
-
so-vnfm-adapter:
enabled: true
-
-so-mariadb:
- db:
- rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
- rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
- backupCredsExternalSecret: *dbBackupCredsSecretName
- userCredsExternalSecret: *dbUserCredsSecretName
- adminCredsExternalSecret: *dbAdminCredsSecretName
"port": "{{.Values.service.externalPort}}",
"enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
+ },
+ {
+ "serviceName": "nslcm",
+ "version": "v2",
+ "url": "/api/nslcm/v2",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
}
]'
spec:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.4.0
+image: onap/vfc/nslcm:1.4.1
pullPolicy: Always
#Istio sidecar injection policy